[closed] Secure your pages alittle better using this simple script!

TimTimTimma

In the event a hacker manages to break out of a function and attempts to begin executing "program execution functions", this script will stop him dead in his tracks!

<?php 
$illegal_uri = array("insert", "delete", "where", "update", "base64_encode", "base64_decode", "escapeshellarg", "exec", "passthru", "proc_closes", "proc_get_status", "proc_nice", "proc_open", "proc_terminate", "shell_exec", "system"); 
$browser_uri = strtolower($_SERVER['REQUEST_URI']); 
$total_illegal_uri = count($illegal_uri); 
for($i = 0; $i <= $total_illegal_uri; $i++){ 
    if(strpos($browser_uri, $illegal_uri[$i]) !== FALSE) 
        die("HACKING ATTEMPT!"); 
} 
?>

This also covers most sql injection methods too!

Weedpacket

It breaks if your site happens to be http://www.windowsupdate.com/ (to pick a fairly suitable and well-known example at random)

It also misses eval.

And preg_replace.

Basically, it's an attempt to anticipate every possible attack; a generally unsuccessful approach to security.

Shrike

TimTimTimma given the number of replies in your other thread regarding this code snippet I suggest you remove this one 😉

...and the term is cracker, or script kiddie, not hacker.

BuzzLY

Closing thread -- reply to this thread here